* feat(access-token): Multi-auth middleware support EE-1891 (#5936)
* AnyAuth middleware initial implementation with tests
* using mux.MiddlewareFunc instead of custom definition
* removed redundant comments
* - ExtractBearerToken bouncer func made private
- changed helm token handling functionality to use jwt service to convert token to jwt string
- updated tests
- fixed helm list broken test due to missing token in request context
* rename mwCheckAuthentication -> mwCheckJWTAuthentication
* - introduce initial api-key auth support using X-API-KEY header
- added tests to validate x-api-key request header presence
* updated core mwAuthenticatedUser middleware to support multiple auth paradigms
* - simplified anyAuth middleware
- enforcing authmiddleware to implement verificationFunc interface
- created tests for middleware
* simplify bouncer
Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com>
* feat(api-key): user-access-token generation endpoint EE-1889 EE-1888 EE-1895 (#6012)
* user-access-token generation endpoint
* fix comment
* - introduction of apikey service
- seperation of repository from service logic - called in handler
* fixed tests
* - fixed api key prefix
- added tests
* added another test for digest matching
* updated swagger spec for access token creation
* api key response returns raw key and struct - easing testability
* test for api key prefix length
* added another TODO to middleware
* - api-key prefix rune -> string (rune does not auto-encode when response sent back to client)
- digest -> pointer as we want to allow nil values and omit digest in responses (when nil)
* - updated apikey struct
- updated apikey service to support all common operations
- updated apikey repo
- integration of apikey service into bouncer
- added test for all apikey service functions
- boilerplate code for apikey service integration
* - user access token generation tests
- apiKeyLookup updated to support query params
- added api-key tests for query params
- added api-key tests for apiKeyLookup
* get and remove access token handlers
* get and remove access token handler tests
* - delete user deletes all associated api keys
- tests for this functionality
* removed redundant []byte cast
* automatic api-key eviction set within cache for 1 hour
* fixed bug with loop var using final value
* fixed service comment
* ignore bolt error responses
* case-insensitive query param check
* simplified query var assignment
* - added GetAPIKey func to get by unique id
- updated DeleteAPIKey func to not require user ID
- updated tests
* GenerateRandomKey helper func from github.com/gorilla/securecookie moved to codebase
* json response casing for api-keys fixed
* updating api-key will update the cache
* updated golang LRU cache
* using hashicorps golang-LRU cache for api keys
* simplified jwt check in create user access token
* fixed api-key update logic on cache miss
* Prefix generated api-keys with `ptr_` (#6067)
* prefix api-keys with 'ptr_'
* updated apikey description
* refactor
Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com>
* helm list test refactor
* fixed user delete test
* reduce test nil pointer errors
* using correct http 201 created status code for token creation; updated tests
* fixed swagger doc user id path param for user access token based endpoints
* added api-key security openapi spec to existing jwt secured endpoints (#6091)
* fixed flaky test
* apikey datecreated and lastused attrs converted to unix timestamp
* feat(user): added access token datatable. (#6124)
* feat(user): added access token datatable.
* feat(tokens): only display lastUsed time when it is not the default date
* Update app/portainer/views/account/accountController.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* Update app/portainer/views/account/accountController.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* Update app/portainer/views/account/accountController.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* Update app/portainer/components/datatables/access-tokens-datatable/accessTokensDatatableController.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* Update app/portainer/services/api/userService.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* feat(improvements): proposed datatable improvements to speed up dev time (#6138)
* modal code update
* updated datatable filenames, updated controller to be default class export
* fix(access-token): code improvement.
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* feat(apikeys): create access token view initial implementation EE-1886 (#6129)
* CopyButton implementation
* Code component implementation
* ToolTip component migration to another folder
* TextTip component implementation - continued
* form Heading component
* Button component updated to be more dynamic
* copybutton - small size
* form control pass tip error
* texttip small text
* CreateAccessToken react feature initial implementation
* create user access token angularjs view implementation
* registration of CreateAccessToken component in AngularJS
* user token generation API request moved to angular service, method passed down instead
* consistent naming of access token operations; clustered similar code together
* any user can add access token
* create access token page routing
* moved code component to the correct location
* removed isadmin check as all functionality applicable to all users
* create access token angular view moved up a level
* fixed PR issues, updated PR
* addressed PR issues/improvements
* explicit hr for horizontal line
* fixed merge conflict storybook build breaking
* - apikey test
- cache test
* addressed testing issues:
- description validations
- remove token description link on table
* fix(api-keys): user role change evicts user keys in cache EE-2113 (#6168)
* user role change evicts user api keys in cache
* EvictUserKeyCache -> InvalidateUserKeyCache
* godoc for InvalidateUserKeyCache func
* additional test line
* disable add access token button after adding token to prevent spam
Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com>
Co-authored-by: fhanportainer <79428273+fhanportainer@users.noreply.github.com>
* feat(kubeshell) allow overriding default kubeshell
* Add missing error check and struct tag
* Add migrator for kube shell image and add it as a default in the db
* Fix file name to match migrator pattern
* remove default as it's now coming from the db
* remove blank line
* - conflict resolution code update
- logging migration error on migration failures
* - migrateDBVersionTo34 -> migrateDBVersionToDB34 (naming consistency)
Co-authored-by: zees-dev <dev.786zshan@gmail.com>
zees-dev